1
0
mirror of https://github.com/hotomoe/hotomoe synced 2024-12-13 22:28:14 +09:00

Merge branch 'develop'

This commit is contained in:
syuilo 2023-02-04 18:22:08 +09:00
commit 9d84214462
4 changed files with 15 additions and 3 deletions

View File

@ -9,6 +9,11 @@
You should also include the user name that made the change. You should also include the user name that made the change.
--> -->
## 13.3.3 (2023/02/04)
### Bugfixes
- Server: improve security
## 13.3.2 (2023/02/04) ## 13.3.2 (2023/02/04)
### Improvements ### Improvements

View File

@ -1023,17 +1023,23 @@ _achievements:
title: "定期联系Ⅲ" title: "定期联系Ⅲ"
description: "总登录天数400天" description: "总登录天数400天"
_login500: _login500:
title: "老熟人Ⅰ"
description: "总登录天数500天" description: "总登录天数500天"
flavor: "诸君,我喜欢贴文" flavor: "诸君,我喜欢贴文"
_login600: _login600:
title: "老熟人Ⅱ"
description: "总登录天数600天" description: "总登录天数600天"
_login700: _login700:
title: "老熟人Ⅲ"
description: "总登录天数700天" description: "总登录天数700天"
_login800: _login800:
title: "帖子大师Ⅰ"
description: "总登录天数800天" description: "总登录天数800天"
_login900: _login900:
title: "帖子大师Ⅱ"
description: "总登录天数900天" description: "总登录天数900天"
_login1000: _login1000:
title: "帖子大师Ⅲ"
description: "总登录天数1000天" description: "总登录天数1000天"
flavor: "感谢您使用Misskey" flavor: "感谢您使用Misskey"
_noteClipped1: _noteClipped1:
@ -1086,6 +1092,7 @@ _achievements:
title: "信号塔" title: "信号塔"
description: "拥有超过500名关注者" description: "拥有超过500名关注者"
_followers1000: _followers1000:
title: "大影响家"
description: "拥有超过1000名关注者" description: "拥有超过1000名关注者"
_collectAchievements30: _collectAchievements30:
title: "成就收藏家" title: "成就收藏家"

View File

@ -1,6 +1,6 @@
{ {
"name": "misskey", "name": "misskey",
"version": "13.3.2", "version": "13.3.3",
"codename": "nasubi", "codename": "nasubi",
"repository": { "repository": {
"type": "git", "type": "git",

View File

@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
try { try {
if (ps.tag) { if (ps.tag) {
if (!safeForSql(ps.tag)) throw 'Injection'; if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`); query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
} else { } else {
query.andWhere(new Brackets(qb => { query.andWhere(new Brackets(qb => {
for (const tags of ps.query!) { for (const tags of ps.query!) {
qb.orWhere(new Brackets(qb => { qb.orWhere(new Brackets(qb => {
for (const tag of tags) { for (const tag of tags) {
if (!safeForSql(tag)) throw 'Injection'; if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`); qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
} }
})); }));